As our world has become digital, the concept of privacy has become more prominent. Although location data and information about private life shared on social media come to mind first, the issue also has an aspect that concerns organizations. In particular, the increase in e-commerce volume over the years has increased the frequency with which personal data is delivered to organizations. The fact that this situation has become an ordinary factor in today's world caused legal regulations to be made. These regulations also oblige companies and organizations to protect the data they receive from their customers.
The regulations in our country are collected under the Law on Protection of Personal Data (LPPD), No. 6698, which was accepted in March 2016. Within a clear framework, this law answers questions such as under which standards the personal data collected in detail on the internet is stored and processed, and which permissions are obtained for its use.
In case of violation of the law, serious fines are imposed on organizations. However, more importantly, the related organization can suffer serious loss of reputation in the eyes of its customers and users.
What is personal data?: Personal data is defined in the relevant law as a concept specific to natural persons. In this context, not only identity details such as name, surname, date of birth, and place of birth, but also all information that makes the person directly or indirectly identifiable, such as the individual's phone number, motor vehicle license plate, social security number, passport number, CV, photograph, image and sound records, fingerprints, e-mail address, hobbies, preferences, people with whom they interact, group memberships, family information, and health information, is considered personal data.
VERBIS registration: As individuals register while shopping on a website, it is essential that organizations register in VERBIS (Data Supervisors Registry Information System) within the scope of LPPD compliance. For the registrations that can be made on websites, the Protection of Personal Data Authority has a comprehensive Clarification Text and Data Supervisors Registry Information System Guide on its website. This registration covers not only private companies but also public institutions. The law obliges any private or public institution that will process data to complete this registration before starting data processing.
Data supervisor: Although the data supervisor is at first thought of as an assignor / authorized person from within the company, legal entities such as companies, associations and foundations can also be defined as data supervisors. The persons or organizations holding this title manage processes such as protecting and processing the personal data collected under the law, either directly or through the designated Data Processor. However, in case of any violation, the responsibility also belongs to the data supervisor.
Penalties to be Paid in Case of Violation
The law imposes significant financial penalties in case of violations. Moreover, the resulting loss of reputation causes greater damage in the medium and long term to the organization that violates the law. When we examine the table in financial terms, the amounts vary depending on the type and scope of the violation. Accordingly, while there are penalties starting from 9 thousand TL and up to 180 thousand TL for the violation of the Fulfillment of Disclosure Requirement, amounts from 27 thousand TL to 1 million 800 thousand TL are in effect for the violation of the Fulfillment of Data Security Obligations. For the violation of the Obligation to Execute Board Decisions, the amount is 45 thousand TL - 1 million 800 thousand TL; and for the violation of VERBIS Registration and Notification Obligations, the amounts applied vary from 36 thousand TL to 1 million 800 thousand TL. It is essential to note that these values are increased each year according to inflation.